Key Role:

Execute the day-to-day management of the Enterprise Cyber Security (ECS) activities and of Booz Allen’s cybersecurity strategy. Report to the Chief Information Security Officer (CISO) and interact with other senior leaders, members of the board of directors, and other stakeholders as necessary. Collaborate with technical staff and understand governance, risk mitigation, and technical controls. Establish and implement highly effective policies, firm protocols, and security frameworks and promote appropriate collaboration among ECS and Information Security (IS) stakeholders, teams, and structure while growing, managing, and overseeing the ECS team. Work with the CISO and Chief Information Officer in determining acceptable levels of risk for the company and oversee incident response. Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solutions providers working on security implementations.  This position is open to temporary remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications:

• 15+ years of experience in Information Security Programs

• 5+ years of experience in managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects

• Experience with interfacing with senior executives at the business leader level and communicating complex cybersecurity concepts in business-relevant ways

• Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning

• Experience with performing multifaceted projects in conjunction with normal activities

• Knowledge of common information security management frameworks, including NIST

• Knowledge of enterprise systems, cloud solutions, and IT security technologies

• Ability to obtain a security clearance 

• BA or BS degree

• CISSP, CISM, or other security certifications

Additional Qualifications:

• Experience as a thought leader and a team player

• Ability to maintain awareness of cybersecurity industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats

• Ability to conduct presentations to and collaborate with firm stakeholders to raise awareness of security risk management concerns

• Ability to work with full confidentiality and a high level of personal integrity

• Possession of excellent verbal and written communication skills, including the ability to draft and deliver technical reports, presentations, and correspondence

• CRISC, CISA certifications

Clearance: 

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.